British retailer **Marks and Spencer (M&S)** suffered a **cyberattack** leading to the compromise of **customer personal data**, including names, home/email addresses, and phone numbers—though no payment details or passwords were exposed. The attack caused **operational disruptions**, with **online shopping still unavailable** and **in-store shortages** due to 'technical issues' affecting product availability. M&S’s share price dropped **11% over the past month**, and customers were advised to reset passwords as a precaution, though no evidence of data misuse was found. The incident was **claimed by the DragonForce ransomware group**, but this remains unverified. The **National Cyber Security Centre (NCSC)** is investigating potential links to similar attacks on other UK retailers, including Co-op and Harrods, while working to mitigate further harm.
Source: https://therecord.media/marks-spencer-confirms-customer-data-breach
TPRM report: https://www.rankiteo.com/company/marks-and-spencer
{
  "id": "mar451082725",
  "linkid": "marks-and-spencer",
  "type": "Cyber Attack",
  "date": "5/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Unknown (all online customers notified)',
                        'industry': 'Retail (Clothing, Food, Home Goods)',
                        'location': 'United Kingdom',
                        'name': 'Marks and Spencer (M&S)',
                        'size': 'Large (FTSE 100 constituent)',
                        'type': 'Retailer'},
                       {'industry': 'Retail (Grocery, Funeralcare, Legal Services)',
                        'location': 'United Kingdom',
                        'name': 'Co-op',
                        'type': 'Retailer'},
                       {'industry': 'Luxury Retail',
                        'location': 'United Kingdom',
                        'name': 'Harrods',
                        'type': 'Retailer'}],
 'customer_advisories': 'Customers advised to reset passwords on next login; no further action required',
 'data_breach': {'data_exfiltration': {'evidence_of_exfiltration': 'None confirmed (M&S stated no evidence data was shared)',
                                       'status': 'Unconfirmed'},
                 'personally_identifiable_information': ['Names',
                                                         'Home addresses',
                                                         'Email addresses',
                                                         'Phone numbers'],
                 'sensitivity_of_data': 'Moderate (no financial or password data, but includes contact details)',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)']},
 'date_detected': '2024-04',
 'date_publicly_disclosed': '2024-05-28',
 'description': "British retailer Marks and Spencer (M&S) announced a cyberattack that compromised customer personal data, including names, home addresses, email addresses, and phone numbers. The incident caused operational disruptions, including unavailability of online shopping and empty shelves in physical stores. The attack was claimed by the DragonForce ransomware group, though this remains unconfirmed. The UK's National Cyber Security Centre (NCSC) is investigating potential links to similar attacks on Co-op and Harrods.",
 'impact': {'brand_reputation_impact': 'Moderate to High (public disclosure, operational disruptions, share price decline)',
            'customer_complaints': 'Likely (based on in-store apologies for technical issues)',
            'data_compromised': ['Names',
                                 'Home addresses',
                                 'Email addresses',
                                 'Phone numbers'],
            'downtime': {'in_store_operations': 'Partially disrupted (empty shelves, limited product availability)',
                         'online_shopping': 'Ongoing (as of disclosure date)'},
            'financial_loss': {'share_price_decline': '11% (over the last month)'},
            'identity_theft_risk': 'Low to Moderate (no payment details or passwords compromised, but PII exposed)',
            'operational_impact': 'Severe (online shopping unavailable, in-store product shortages)',
            'payment_information_risk': 'None (M&S stated no usable payment or card details were held or compromised)',
            'systems_affected': ['Online shopping platform',
                                 'Inventory management',
                                 'Product availability systems']},
 'investigation_status': 'Ongoing (NCSC and law enforcement involved)',
 'ransomware': {'ransomware_strain': {'claimed': 'DragonForce',
                                      'confirmed': False}},
 'references': [{'date_accessed': '2024-05-28',
                 'source': 'Marks and Spencer Public Statement'},
                {'date_accessed': '2024-05-28',
                 'source': 'UK National Cyber Security Centre (NCSC)',
                 'url': 'https://www.ncsc.gov.uk'}],
 'regulatory_compliance': {'regulatory_notifications': {'details': 'NCSC is investigating and providing sector-wide advice',
                                                        'ncsc_involvement': True}},
 'response': {'communication_strategy': {'advisory': 'No action required by customers except password reset on next login',
                                         'customer_notification': 'Letters sent to affected customers',
                                         'public_statement': 'Issued to media and on company channels'},
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Password resets for affected customers'],
              'third_party_assistance': {'organizations_involved': ['UK National Cyber Security Centre (NCSC)']}},
 'stakeholder_advisories': 'NCSC is providing advice to the retail sector and wider economy',
 'threat_actor': {'claimed_by': 'DragonForce ransomware group'},
 'title': 'Marks and Spencer (M&S) Cyberattack and Data Breach',
 'type': ['Data Breach', 'Cyberattack', 'Operational Disruption']}